2FA Authorization Test

ЕСОЗ - public documentation

Each test case below gives: n/n (test ID), Description, Inputs, Expected Result, Step by Step Script, Actual Result.
WS: BlockUser, UnblockUser

2FA_user_BU1 - Block user (happy path)
Inputs:
  • WS = BlockUser()
  • Authorization - Mithril Admin
Expected result:
  • Response 200
  • Update user in DB (is_blocked, block_reason)
Step by step script:
  • Login as Mithril Admin
  • Call BlockUser()
Actual result: OK

2FA_user_BU2 - Block user (bad user_id)
Inputs:
  • WS = BlockUser()
  • Authorization - Mithril Admin
  • Corrupted user_id
Expected result:
  • Response 404
Step by step script:
  • Login as Mithril Admin
  • Call BlockUser()
Actual result: OK

2FA_user_BU3 - Block user (without scope)
Inputs:
  • WS = BlockUser()
  • Authorization - NHS Admin
Expected result:
  • Response 403
Step by step script:
  • Login as NHS Admin
  • Call BlockUser()
Actual result: OK

2FA_user_BU4 - UnBlock user (happy path)
Inputs:
  • WS = UnBlockUser()
  • Authorization - Mithril Admin
Expected result:
  • Response 200
  • Update user in DB (is_blocked)
Step by step script:
  • Login as Mithril Admin
  • Call UnBlockUser()
Actual result: OK

2FA_user_BU5 - UnBlock user (bad user_id)
Inputs:
  • WS = UnBlockUser()
  • Authorization - Mithril Admin
  • Corrupted user_id
Expected result:
  • Response 404
Step by step script:
  • Login as Mithril Admin
  • Call UnBlockUser()
Actual result: OK

2FA_user_BU6 - UnBlock user (without scope)
Inputs:
  • WS = UnBlockUser()
  • Authorization - NHS Admin
Expected result:
  • Response 403
Step by step script:
  • Login as NHS Admin
  • Call UnBlockUser()
Actual result: OK
WS: Create2FA

2FA_create_FA1 - Create FA item (happy path)
Inputs:
  • WS = Create2FA()
  • DELETE 2FA item with type `SMS`
  • Authorization - Mithril Admin
Expected result:
  • Response 201
  • Create 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Check that no 2FA item exists for the user
  • Call Create2FA()
Actual result: OK

2FA_create_FA2 - Create FA item (try to create a duplicate with the same type)
Inputs:
  • WS = BlockUser()
  • DELETE 2FA item with type `SMS`
  • Authorization - Mithril Admin
Expected result:
  • Response 422
Step by step script:
  • Login as Mithril Admin
  • Check that a 2FA item with type SMS exists for the user
  • Call Create2FA()
Actual result: OK

2FA_create_FA3 - Create FA item (with bad type)
Inputs:
  • WS = BlockUser()
  • Use corrupted type `ID_ID`
  • Authorization - Mithril Admin
Expected result:
  • Response 422
Step by step script:
  • Login as Mithril Admin
  • Call Create2FA()
Actual result: OK

2FA_create_FA4 - Create FA item (with factor value)
Inputs:
  • WS = BlockUser()
  • Use factor in payload
  • DELETE 2FA item with type `SMS`
  • Authorization - Mithril Admin
Expected result:
  • Response 422
Step by step script:
  • Login as Mithril Admin
  • Check that no 2FA item with type SMS exists for the user
  • Call Create2FA()
Actual result: OK

2FA_create_FA5 - Create FA item (without scope)
Inputs:
  • WS = BlockUser()
  • Use factor in payload
  • DELETE 2FA item with type `SMS`
  • Authorization - NHS Admin
Expected result:
  • Response 403
Step by step script:
  • Login as NHS Admin
  • Call Create2FA()
Actual result: OK
WS: Get2FAList, Get2FAbyID

2FA_get_FA1 - Get 2FA list (happy path)
Inputs:
  • WS = Get2FAList()
  • Authorization - Mithril Admin
Expected result:
  • Response 200
Step by step script:
  • Login as Mithril Admin
  • Call Get2FAList()
Actual result: OK

2FA_get_FA2 - Get 2FA list (with type filter)
Inputs:
  • WS = Get2FAList() with type `EMAIL`
  • Authorization - Mithril Admin
Expected result:
  • Response 200, rows=0
Step by step script:
  • Login as Mithril Admin
  • Call Get2FAList() with type `EMAIL`
Actual result: OK

2FA_get_FA3 - Get 2FA by ID (happy path)
Inputs:
  • WS = Get2FAbyID()
  • Authorization - Mithril Admin
Expected result:
  • Response 200, rows=1
Step by step script:
  • Login as Mithril Admin
  • Call Get2FAbyID()
Actual result: OK

2FA_get_FA4 - Get 2FA list (without scope)
Inputs:
  • WS = Get2FAList()
  • Authorization - authentication_factor:read
Expected result:
  • Response 403
Step by step script:
  • Login as NHS Admin
  • Call Get2FAList()
Actual result: OK
WS: DisableUser2FA, EnableUser2FA, ResetUser2FA

2FA_DER_FA1 - DisableUser2FA (happy path)
Inputs:
  • WS = DisableUser2FA()
  • Authorization - Mithril Admin
Expected result:
  • Response 200
  • Update 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Call DisableUser2FA()
Actual result: OK

2FA_DER_FA2 - EnableUser2FA (happy path)
Inputs:
  • WS = EnableUser2FA()
  • Authorization - Mithril Admin
Expected result:
  • Response 200
  • Update 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Call EnableUser2FA()
Actual result: OK

2FA_DER_FA3 - DisableUser2FA (bad ID)
Inputs:
  • WS = DisableUser2FA()
  • Authorization - Mithril Admin
  • Corrupted 2fa_id
Expected result:
  • Response 404
Step by step script:
  • Login as Mithril Admin
  • Call DisableUser2FA()
Actual result: OK

2FA_DER_FA4 - EnableUser2FA (bad ID)
Inputs:
  • WS = EnableUser2FA()
  • Authorization - Mithril Admin
  • Corrupted 2fa_id
Expected result:
  • Response 404
Step by step script:
  • Login as Mithril Admin
  • Call EnableUser2FA()
Actual result: OK

2FA_DER_FA5 - ResetUser2FA (happy path)
Inputs:
  • WS = ResetUser2FA()
  • Authorization - Mithril Admin
  • Corrupted 2fa_id
Expected result:
  • Response 200
  • Update 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Call ResetUser2FA()
Actual result: OK
WS: CreateUser

2FA_create_U1 - Create user (2FA default)
Inputs:
  • WS = CreateUser()
  • DELETE user with test email
  • Authorization - Mithril Admin
Expected result:
  • Response 201
  • Create user in DB
  • Create 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Check that the user does not exist
  • Call CreateUser() without the "2fa_enable" attribute
Actual result: OK

2FA_create_U2 - Create user (2FA enabled)
Inputs:
  • WS = CreateUser()
  • DELETE user with test email
  • Authorization - Mithril Admin
Expected result:
  • Response 201
  • Create user in DB
  • Create 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Check that the user does not exist
  • Call CreateUser() with "2fa_enable" = true
Actual result: OK

2FA_create_U3 - Create user (2FA disabled)
Inputs:
  • WS = CreateUser()
  • DELETE user with test email
  • Authorization - Mithril Admin
Expected result:
  • Response 201
  • Create user in DB
  • Create 2FA item in DB
Step by step script:
  • Login as Mithril Admin
  • Check that the user does not exist
  • Call CreateUser() with "2fa_enable" = false
Actual result: OK
WS: CreateToken

2FA_create_T0 - Create Token (2FA disabled, happy path)
Inputs:
  • WS = CreateToken()
  • Check 2FA disabled (does not exist)
  • Authorization - test user of MSP
Expected result:
  • Response 201
  • Return access_token
  • Response.urgent.next_step = REQUEST_APPS
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
Actual result: OK

2FA_create_T1 - Create Token (2FA reset, happy path)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists, enabled, factor = null
  • Authorization - test user of MSP
Expected result:
  • Response 201
  • Response.urgent.next_step = REQUEST_FACTOR
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
Actual result: OK

2FA_create_T2 - Create Token (2FA active, happy path)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists, enabled, factor exists
  • Authorization - test user of MSP
Expected result:
  • Response 201
  • Response.urgent.next_step = REQUEST_OTP
  • Create OTP item
  • Return 2_fa_access_token
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
Actual result: OK

2FA_create_T3 - Authorize OTP (2FA active, happy path)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists
  • Correct OTP
  • Authorization - test user of MSP
Expected result:
  • Response 201
  • Update OTP item (VERIFIED)
  • Return access_token
  • Response.urgent.next_step = REQUEST_APPS
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token & otp value
Actual result: OK

2FA_create_T3.1 - Authorize OTP (2FA active, repeated call)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists
  • Correct OTP
  • Authorization - test user of MSP
Expected result:
  • Response 401
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token & otp value
  • Repeat the previous step (Call CreateToken())
Actual result: OK

2FA_create_T3.2 - Authorize OTP (2FA active, call after OTP expired)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists
  • Correct OTP
  • Authorization - test user of MSP
Expected result:
  • Response 401
  • Update OTP item (EXPIRED)
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Wait for the OTP to expire
  • Call CreateToken() with grant_type=authorize_2fa_access_token & otp value
Actual result: OK

2FA_create_T4 - Authorize OTP (2FA active, bad OTP)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists
  • Corrupted OTP
  • Authorization - test user of MSP
Expected result:
  • Response 401
  • Increment OTP_counter in user
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token & corrupted otp value
Actual result: OK

2FA_create_T5 - Create Token (2FA active, bad password)
Inputs:
  • WS = CreateToken()
  • Login correct, password incorrect
  • Authorization - test user of MSP
Expected result:
  • Response 401
  • Increment Login_err_counter in user
  • After Login_err_counter exceeds LIMIT, the user is auto-blocked
Step by step script:
  • Login as test_2fa_user
  • Call CreateToken() with grant_type=password
Actual result: OK

2FA_create_T6 - Authorize OTP (2FA reset)
Inputs:
  • WS = CreateToken()
  • Check 2FA reset
  • Authorization - test user of MSP
Expected result:
  • Response 401
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token
Actual result: OK

2FA_create_T7 - Resend OTP (2FA active, call after OTP expired)
Inputs:
  • WS = CreateToken()
  • Check 2FA exists
  • Authorization - test user of MSP
Expected result:
  • Response 201
  • Create new 2fa_access_token
  • Create new OTP
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Wait for the OTP to expire
  • Call CreateToken() with grant_type=refresh_2fa_access_token
Actual result: OK
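The CreateToken() behaviour that cases T0 to T6 above assert, as an added example that is not the Mithril project's own code: an in-memory Python model of the grant_type=password and grant_type=authorize_2fa_access_token branches, covering next_step selection, single-use OTP, OTP expiry, the OTP and login error counters and auto-blocking. It assumes a LIMIT of 3 failed logins, a 300 s OTP lifetime, an injected clock and the hypothetical class, field and error names used here; the refresh_2fa_access_token grant (T7) is not modelled.

```python
import secrets

LOGIN_ERR_LIMIT = 3     # assumed value of LIMIT; the page does not state it
OTP_TTL_SECONDS = 300   # assumed OTP lifetime; the page only says "wait for OTP expiring"


class TokenService:
    """Hypothetical model of CreateToken() grant handling; not Mithril's implementation."""

    def __init__(self, now):
        self.now = now      # clock is injected so a test can move past OTP expiry (T3.2)
        self.users = {}     # login -> {"password", "2fa_enabled", "factor", "is_blocked", "login_err", "otp_err"}
        self.pending = {}   # 2fa_access_token -> (login, OTP item or None)

    def _issue_2fa_token(self, login):
        otp = None
        if self.users[login]["factor"] is not None:  # 2FA active: create the OTP item "sent" to the factor
            otp = {"code": f"{secrets.randbelow(10**6):06d}", "expires_at": self.now() + OTP_TTL_SECONDS, "status": "NEW"}
        tok = secrets.token_urlsafe(16)
        self.pending[tok] = (login, otp)
        return 201, {"2fa_access_token": tok, "next_step": "REQUEST_OTP" if otp else "REQUEST_FACTOR"}

    def password_grant(self, login, password):       # grant_type=password
        user = self.users[login]
        if user["is_blocked"]:
            return 401, {"error": "user is blocked"}
        if password != user["password"]:             # T5: count failures, auto-block once LIMIT is reached (assumed >=)
            user["login_err"] += 1
            user["is_blocked"] = user["login_err"] >= LOGIN_ERR_LIMIT
            return 401, {"error": "bad credentials"}
        if not user["2fa_enabled"]:                  # T0: no 2FA, full access_token straight away
            return 201, {"access_token": secrets.token_urlsafe(16), "next_step": "REQUEST_APPS"}
        return self._issue_2fa_token(login)          # T1 (2FA reset) / T2 (2FA active)

    def authorize_2fa(self, tok, code):              # grant_type=authorize_2fa_access_token
        if tok not in self.pending:                  # T3.1: token already consumed, replay refused
            return 401, {"error": "unknown or used 2fa_access_token"}
        login, otp = self.pending[tok]
        if otp is None:                              # T6: factor not initialised, nothing to verify
            return 401, {"error": "factor not initialised"}
        if self.now() > otp["expires_at"]:           # T3.2: expired OTP, token consumed
            otp["status"], _ = "EXPIRED", self.pending.pop(tok)
            return 401, {"error": "otp expired"}
        if not secrets.compare_digest(code, otp["code"]):  # T4: wrong code counted, token stays pending
            self.users[login]["otp_err"] += 1
            return 401, {"error": "bad otp"}
        otp["status"], _ = "VERIFIED", self.pending.pop(tok)  # T3: single use
        return 201, {"access_token": secrets.token_urlsafe(16), "next_step": "REQUEST_APPS"}
```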
WS: InitFactor, ApproveFactor

2FA_Init_factor_1 - Init Factor (2FA enabled, happy path)
Inputs:
  • access_token
  • 2FA enabled
Expected result:
  • Response 201
  • Old 2fa_access_token terminated
  • Response contains 2fa_access_token
  • Insert phone & type into token.details
  • Create & send OTP to the new phone
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token & otp value
  • Call InitFactor()
Actual result: OK

2FA_Init_factor_3 - Init Factor (2FA disabled)
Inputs:
  • access_token
  • 2FA disabled
Expected result:
  • Response 404
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
Actual result: OK

2FA_Init_factor_4 - Init Factor (2FA enabled, bad phone in payload)
Inputs:
  • 2fa_access_token
  • 2FA enabled
  • Corrupted phone
Expected result:
  • Response 422
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call CreateToken() with grant_type=authorize_2fa_access_token & otp value
  • Call InitFactor()
Actual result: OK

2FA_Init_factor_5 - Init Factor (2FA reset, happy path)
Inputs:
  • 2fa_access_token
  • 2FA enabled
Expected result:
  • Response 201
  • Old 2fa_access_token terminated
  • Response contains new 2fa_access_token
  • Insert phone & type into token.details
  • Create & send OTP to the new phone
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
Actual result: OK

2FA_Init_factor_6 - Init Factor (2FA enabled, bad token type)
Inputs:
  • 2fa_access_token
  • 2FA enabled
Expected result:
  • Response 401
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
Actual result: OK
2FA_Appr_factor_1 - Approve Factor (after 2FA reset, happy path)
Inputs:
  • 2FA reset
  • InitFactor()
Expected result:
  • Response 200
  • Old 2fa_access_token terminated
  • Response contains new access_token
  • Update 2FA
  • Update OTP item (VERIFIED)
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
  • Call ApproveFactor()
Actual result: OK

2FA_Appr_factor_2 - Approve Factor (after 2FA reset, repeated call)
Inputs:
  • 2FA reset
  • InitFactor()
Expected result:
  • Response 404
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
  • Call ApproveFactor()
  • Repeat Call ApproveFactor()
Actual result: OK

2FA_Appr_factor_3 - Approve Factor (after 2FA reset, bad OTP)
Inputs:
  • 2FA reset
  • InitFactor()
  • Corrupted OTP
Expected result:
  • Response 401
  • Update OTP item (counter_err)
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
  • Call ApproveFactor() with bad OTP
Actual result: OK

2FA_Appr_factor_4 - Approve Factor (after 2FA change, happy path)
Inputs:
  • 2FA active
  • InitFactor()
Expected result:
  • Response 201
  • Old 2fa_access_token terminated
  • Response contains new access_token
  • Update 2FA
  • Update OTP item (VERIFIED)
Step by step script:
  • Login as test_2fa_user
  • Check 2FA state
  • Call CreateToken() with grant_type=password
  • Call InitFactor()
  • Call ApproveFactor()
Actual result: OK